On Tue, Sep 13, 2022 at 12:00:48PM +0200, Martijn van Duren wrote:
> varbind was designed to allow both a ber NULL and a NULL pointer for
> value. The ber NULL case is there for when it was received via a PDU.
> The NULL pointer case can happen if application.c runs into a timeout
> or when a backend runs into problems.
>
> The NULL pointer case however was overlooked in appl_varbind_valid and
> results in a "missing value" error, (needlessly) terminating the
> connection to the backend.
>
> Found the hard way by Mischa Peters while stress testing agentx support
> for vmd.
>
> OK?
ok tb > > martijn@ > > Index: application.c > =================================================================== > RCS file: /cvs/src/usr.sbin/snmpd/application.c,v > retrieving revision 1.15 > diff -u -p -r1.15 application.c > --- application.c 31 Aug 2022 09:19:22 -0000 1.15 > +++ application.c 13 Sep 2022 09:59:19 -0000 > @@ -1170,8 +1170,11 @@ appl_varbind_valid(struct appl_varbind * > int eomv = 0; > > if (varbind->av_value == NULL) { > - *errstr = "missing value"; > - return 0; > + if (!null) { > + *errstr = "missing value"; > + return 0; > + } > + return 1; > } > if (varbind->av_value->be_class == BER_CLASS_UNIVERSAL) { > switch (varbind->av_value->be_type) { >
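Review bot: the `null` flag that gates the new `return 1` is not declared anywhere in this hunk, so it must already be a parameter of appl_varbind_valid (the @@ header truncates the signature after `struct appl_varbind *`); it is worth confirming that the callers on the timeout and backend-failure paths named in the cover text actually pass it as true, otherwise those paths still produce "missing value" and still drop the backend connection. The early `return 1` also skips every check that follows for the NULL-pointer case, which is only correct if nothing after the `be_class == BER_CLASS_UNIVERSAL` switch validates fields other than av_value; a one-line comment above the `if (!null)` stating that a NULL pointer means "no value yet" (as opposed to a BER NULL received in a PDU) would make the distinction from the cover text visible in the code.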